Configuring Validation and Securement properties to Secure Web Service
1. To secure our web service request and response we need to configure validation and securement properties
of Wss4jSecurityInterceptor in spring-ws-servlet.xml. This configuration will do the following.
a.
Decrypt incoming encrypted request and
b.
Encrypt outgoing response.
<?xml version="1.0"
encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sws="http://www.springframework.org/schema/web-services"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/web-services
http://www.springframework.org/schema/web-services/web-services-2.0.xsd">
<sws:annotation-driven />
<context:component-scan base-package="com.bookstore.core,com.bookstore.endpoints"/>
<sws:dynamic-wsdl id="bookstore" portTypeName="BookStoreInterface"
locationUri="http://localhost:8080/bookstore-web-service/services"
targetNamespace="http://www.bookstore.com/schema">
<sws:xsd location="WEB-INF/bookstore.xsd" />
</sws:dynamic-wsdl>
<bean id="wss4jSecurityInterceptor"
class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<!-- configuration to decrypt incoming request
-->
<property name="validationActions" value="Encrypt" />
<property name="validationDecryptionCrypto">
<ref bean="keystore"
/>
</property>
<property name="validationCallbackHandler">
<bean class="org.springframework.ws.soap.security.wss4j.callback.KeyStoreCallbackHandler">
<property name="privateKeyPassword" value="server12345" />
</bean>
</property>
<!-- configuration to encrypt outgoing response -->
<property name="securementActions" value="Encrypt" />
<property name="securementEncryptionUser" value="bookstore-client-import" />
<property name="securementEncryptionCrypto">
<ref bean="keystore"
/>
</property>
</bean>
<bean id="keystore"
class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="server12345" />
<property name="keyStoreLocation" value="WEB-INF/bookstore-server-keystore.jks"
/>
</bean>
<sws:interceptors>
<ref bean="wss4jSecurityInterceptor"
/>
</sws:interceptors>
</beans>
|
2.
Update pom.xml under WEB-INF directory to include
spring web service security dependencies. Important point to note here is that
spring-ws-security depends on Sun Java Streaming XML parser hence it has to be
added as a dependency.
<?xml version="1.0"
encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.bookstore</groupId>
<artifactId>bookstore-web-service</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>bookstore-web-service Spring-WS Application</name>
<url>http://www.springframework.org/spring-ws</url>
<build>
<finalName>bookstore-web-service</finalName>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>tomcat-maven-plugin</artifactId>
<version>1.1</version>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-core</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>com.sun.xml.stream</groupId>
<artifactId>sjsxp</artifactId>
<version>1.0.2</version>
</dependency>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
<version>2.1.2.RELEASE</version>
</dependency>
</dependencies>
</project>
|
No comments :
Post a Comment